Bugtraq mailing list archives
RE: [Full-disclosure] 0day: PDF pwns Windows
From: "Jeff Wells (jmwells)" <jmwells () cisco com>
Date: Fri, 21 Sep 2007 09:46:38 -0700
"Fatboy?" J. -----Original Message----- From: Joey Mengele [mailto:joey.mengele () hushmail com] Sent: Thursday, September 20, 2007 3:34 PM To: pdp.gnucitizen () googlemail com; ge () linuxbox org Cc: full-disclosure () lists grok org uk; bugtraq () securityfocus com Subject: Re: [Full-disclosure] 0day: PDF pwns Windows Dear Fatboy, Let's put aside for a minute the fact that you have no idea what you are talking about and let's also, for the benefit of this very valuable debate, assume your definition is correct. First, please prove this bug was never used in the wild. After that, please prove your credibility in the realm of defining words related to illegal computer hacking. Thanks. J P.S. Talking about botnets doesn't count to satisfy part 1 OR part 2 ___ "If today I stand here as a revolutionary, it is as a revolutionary against the Revolution." On Thu, 20 Sep 2007 11:29:22 -0400 Gadi Evron <ge () linuxbox org> wrote:
Impressive vulnerability, new. Not a 0day. Not to start an argument again, but fact is, people stop calling everything a 0day unless it is, say WMF, ANI, etc. exploited in the wild without being known. I don't like the mis-use of this buzzword. Gadi. On Thu, 20 Sep 2007, pdp (architect) wrote:http://www.gnucitizen.org/blog/0day-pdf-pwns-windows I am closing the season with the following HIGH Riskvulnerability:Adobe Acrobat/Reader PDF documents can be used to compromiseyourWindows box. Completely!!! Invisibly and unwillingly!!! All ittakesis to open a PDF document or stumble across a page which embedsone.The issue is quite critical given the fact that PDF documentsare inthe core of today's modern business. This and the fact that itmaytake a while for Adobe to fix their closed source product, arethereasons why I am not going to publish any POCs. You have to takemyword for it. The POCs will be released when an update isavailable.Adobe's representatives can contact me from the usual place. Myadvisefor you is not to open any PDF files (locally or remotely).Other PDFviewers might be vulnerable too. The issues was verified onWindows XPSP2 with the latest Adobe Reader 8.1, although previous versionsandother setups are also affected. A formal summary and conclusion of the GNUCITIZEN bug hunt to beexpected soon.cheers -- pdp (architect) | petko d. petkov http://www.gnucitizen.org_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- Click for free info on earning your associates degrees. http://tagline.hushmail.com/fc/Ioyw6h4dDtGMI3TNpcvpjdNAOmIKYwGE2mXyuQX1w CzAkHpnY9xTtK/
Current thread:
- Re: [Full-disclosure] 0day: PDF pwns Windows Joey Mengele (Sep 21)
- Re: [Full-disclosure] 0day: PDF pwns Windows Gadi Evron (Sep 21)
- Re: [Full-disclosure] 0day: PDF pwns Windows Chad Perrin (Sep 21)
- RE: [Full-disclosure] 0day: PDF pwns Windows Michael Bitow (Sep 21)
- RE: [Full-disclosure] 0day: PDF pwns Windows Jeff Wells (jmwells) (Sep 21)
- <Possible follow-ups>
- Re: [Full-disclosure] 0day: PDF pwns Windows Rohit Srivastwa (Sep 21)
- Re: [Full-disclosure] 0day: PDF pwns Windows pdp (architect) (Sep 21)